On 25 Sept. 2013 at 11:40, Ole Troan wrote:
>
>>>
>>> you need source address dependent routing (e.g.
>>> http://tools.ietf.org/html/draft-troan-homenet-sadr-01)
>>> I think the latest kernel has SADR working. enable CONFIG_IPV6_SUBTREES.
>>
>> I didn't know this draft, interesting.
>> About CONFIG_IPV6_SUBTREES, I already use it to mitigate this problem, but
>> it is all but automatic. You need to implement an external daemon to listen
>> to RAs and dynamically add source routing entries in order to enforce the
>> kernel not to route on the bad interface.
>
> if you are brave (in a month or so you can be a little less brave) you can
> run this
> https://github.com/fingon
Thanks. Actually I work on a custom daemon which does a lot more things
(e.g. Mobile IPv6) so SADR policies are just one more thing among others ! ;)
>
>> What puzzles me is that the nexthop selection in the Linux kernel:
>> * doesn't prefer a router which announces the prefix from which the source
>> address has been generated (when I do a ping6 -I <slaac_eth2> <dest> )
>> * doesn't enforce the interface we bound to (when I do a ping6 -I eth2
>> <dest> )
>> ...whereas two equivalent routes exist ("default via <router1> dev eth1"
>> and "default via <router2> dev eth2" ). Only the expiration time differs
>> between these routes.
>>
>> Surprisingly, even the following ping doesn't succeed to enforce the output
>> interface on my setup:
>> $ ping6 -r -I "<slaac_eth2>%eth2" <dest>
>>
>> This is what sounds weird to me. If this is the actual kernel behaviour, I
>> think we might need to enforce the nexthop selection to prefer the interface
>> corresponding to the source address of the packet (when the packet is
>> locally generated).
>
> isn't that the great thing with Linux, just get your coding hat on. ;-)
Before having to do that I wanted some confirmation. ;)
Moreover the routing code in Linux, in particular the fib part, isn't so easy
to understand.
One more thing, which makes me think about a bug. If I clean up the routing cache
between each test, the following works (it doesn't work if routing cache entries
exist via eth1):
$ ping6 -I "<slaac_eth2>%eth2" <dest>
I take it as a first thing to report on linux-netdev, which I will probably do
soon.
Best regards
Emmanuel Thierry
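
Added example, not part of the original message or of any project named in the thread: the rule-generation step of the external daemon described above, turning received RAs into source-specific default routes for a kernel built with CONFIG_IPV6_SUBTREES. The RA summaries, addresses and the helper name are constructed for illustration; commands are returned as argv lists (no shell) rather than executed.

```python
import ipaddress
import re

# Constructed RA summaries (documentation prefixes). A real daemon would
# parse these from ICMPv6 Router Advertisements received on each interface.
SAMPLE_RAS = [
    {"iface": "eth1", "router": "fe80::1", "router_lifetime": 1800,
     "prefixes": ["2001:db8:1::/64"]},
    {"iface": "eth2", "router": "fe80::2", "router_lifetime": 1800,
     "prefixes": ["2001:db8:2::/64", "fe80::/64"]},
    # Router lifetime 0: this router stopped being a default router.
    {"iface": "eth2", "router": "fe80::3", "router_lifetime": 0,
     "prefixes": ["2001:db8:3::/64"]},
]

# Interface names end up in a command line, so restrict them strictly.
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def sadr_route_argv(ras):
    """Hypothetical helper: build 'ip -6 route' argv lists that pin traffic
    sourced from each advertised prefix to the router that announced it."""
    argvs = []
    for ra in ras:
        iface = ra["iface"]
        if not IFACE_RE.fullmatch(iface):
            raise ValueError(f"suspicious interface name: {iface!r}")
        router = ipaddress.IPv6Address(ra["router"])
        if not router.is_link_local:
            # RFC 4861: RAs must come from a link-local source address.
            raise ValueError(f"RA source is not link-local: {router}")
        # Install or refresh while the router is valid, withdraw otherwise.
        verb = "replace" if ra["router_lifetime"] > 0 else "del"
        for prefix in ra["prefixes"]:
            net = ipaddress.IPv6Network(prefix)  # rejects stray host bits
            if net.is_link_local:
                continue  # link-local sources never need a default route
            argvs.append(["ip", "-6", "route", verb, "default",
                          "from", str(net), "via", str(router), "dev", iface])
    return argvs


if __name__ == "__main__":
    for argv in sadr_route_argv(SAMPLE_RAS):
        print(" ".join(argv))
```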